package com.example.springsecurity.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity
public class SpringSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeHttpRequests(
                authorize -> authorize
                        .mvcMatchers("/test").authenticated()
                        .anyRequest().permitAll()
//                        .anyRequest().authenticated()  //拦截所有
//                        .anyRequest().permitAll() //开放所有
//       允许用户使用基于表单的登录进行身份验证
        ).formLogin(Customizer.withDefaults())
//                允许用户使用 HTTP Basic 身份验证进行身份验证
                .httpBasic(Customizer.withDefaults());
        return httpSecurity.build();
    }
}
